How To Build Your Own Auth

In this episode of Syntax, Scott and Wes talk about building your own authentication, diving deep into JWT, sessions, tokens, cookies, local storage, CSRF, and how it all works!

Prismic - Sponsor
Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax.

LogRocket - Sponsor
LogRocket lets you replay what users do on your site, helping you reproduce bugs and fix issues faster. It’s an exception tracker, a session re-player and a performance monitor. Get 14 days free at logrocket.com/syntax.

Hasura - Sponsor
With Hasura, you can get a fully managed, production-ready GraphQL API as a service to help you build modern apps faster. You can get started for free in 30 seconds, or if you want to try out the Standard tier for zero cost, use the code “TryHasura” at this link: hasura.info. We’ve also got an amazing selection of GraphQL tutorials at hasura.io/learn.

Show Notes

01:51 - Overview
Level Up uses JWT and secure cookie-based authentication and tracks sessions via a db table.
Accounts.js

05:13 - JWT
A JWT is a Base64-encoded (not encrypted) token that contains data. We have both accessTokens and refreshTokens.

A JWT has three parts:
- Header: what kind of algo was used
- Payload: data about the user
  - Email
  - Username
  - UserID
  - refreshToken, authToken, sessionId
- Signature: this ensures that no one monkeyed with the above parts. If you change your email in the payload, the signature is now invalid, because the header and payload are used as part of generating the signature.

accessToken: a short-lived JWT that contains the sessionToken and userId and expires after 90min.
refreshToken: a long-lived JWT that contains just the sessionToken and doesn’t expire.

JWTs can be decoded and read, but you have to sign them with your secret.

JWT can be stored anywhere, there are two main places:

20:26 - Cookies
We use httpOnly, secure cookies to store the accessToken and the refreshToken. The accessToken is a session cookie and is removed whenever the browser is closed. The refreshToken is valid for 100 days but is also re-created and revalidated for 100 more days each time the accessToken is generated. Because these are httpOnly cookies, they cannot be accessed by JavaScript in the client and can only be set and removed on the server.
Note: Safari has stricter rules than others for same domain cookies (e.g. localhost won’t work).

34:26 - Sessions
A session is created when a user logs in on a device. If you open a phone and log in, and open a computer and log in, those will create two different sessions. A session contains information about the user’s connection (like their IP), but it also contains the userId, which allows us to create new accessTokens from a valid session. Sessions can be valid or invalid. This allows us to log anyone out by setting their session to valid: false. Sessions also have a sessionToken, which is generated on authentication or account creation.

38:10 - CORS
- Cross-Origin Resource Sharing
- Can be super tricky to get working cross-domain
- You usually have to actually visit the website for the cookie to be set, even with lax cors

46:06 - CSRF

48:47 - Authentication process
bcrypt.js

52:13 - Helper Packages
- NextAuth.js is super easy
- Passport.js
- auth0

Links
- Caddy
- Fastify

××× SIIIIICK ××× PIIIICKS ×××
Scott: reMarkable 2
Wes: Operation Odessa

Shameless Plugs
Scott: Node Fundamentals Authentication - Sign up for the year and save 25%!
Wes: Advanced React - Use the coupon code ‘Syntax’ for $10 off!

Tweet us your tasty treats!
Scott’s Instagram, LevelUpTutorials Instagram, Wes’ Instagram, Wes’ Twitter, Wes’ Facebook, Scott’s Twitter. Make sure to include @SyntaxFM in your tweets.
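The JWT and Sessions notes above, as an added example that is not code from the episode or from Level Up: an HS256 token is signed and verified with Node's built-in crypto module, an edited payload fails the signature check, and a correctly signed token is still refused once its session is marked invalid. The secret, the session id, the email and the in-memory `sessions` map (standing in for the db table) are constructed for illustration.

```javascript
// Added example: HS256 JWT with a server-side session check (constructed values).
const { createHmac, timingSafeEqual } = require('node:crypto');

const SECRET = 'constructed-demo-secret'; // assumption: loaded from config in real use
// Stand-in for the sessions db table, keyed by sessionToken.
const sessions = new Map([['sess-1', { userId: 42, valid: true }]]);

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const unb64 = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());
const hmac = (data) => createHmac('sha256', SECRET).update(data).digest();

// The signature covers header + payload, so editing either one breaks it.
function sign(payload) {
  const body = `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url(payload)}`;
  return `${body}.${hmac(body).toString('base64url')}`;
}

// Reading the payload needs no secret: it is encoded, not encrypted.
const decode = (token) => unb64(token.split('.')[1]);

function verify(token, now = Date.now()) {
  const [header, payload, sig, extra] = token.split('.');
  if (!sig || extra !== undefined) return { ok: false, reason: 'malformed' };
  try {
    // Pin the algorithm rather than trusting whatever the header claims.
    if (unb64(header).alg !== 'HS256') return { ok: false, reason: 'bad alg' };
  } catch { return { ok: false, reason: 'malformed' }; }
  const expected = hmac(`${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  const claims = unb64(payload);
  if (claims.exp !== undefined && now >= claims.exp * 1000) return { ok: false, reason: 'expired' };
  // Revocation: a correctly signed token is still refused once its session is invalid.
  const session = sessions.get(claims.sessionToken);
  if (!session || !session.valid) return { ok: false, reason: 'session invalid' };
  return { ok: true, claims };
}

// Re-encode the payload with a different email but keep the old signature.
function withEditedEmail(token, email) {
  const [header, , sig] = token.split('.');
  return `${header}.${b64url({ ...decode(token), email })}.${sig}`;
}

const demoExp = Math.floor(Date.now() / 1000) + 90 * 60; // 90-minute accessToken
const demoToken = sign({ sessionToken: 'sess-1', userId: 42, email: 'a@example.com', exp: demoExp });
console.log(verify(demoToken).ok, verify(withEditedEmail(demoToken, 'b@example.com')).reason);
```

The session lookup is what makes logout possible before the token's own expiry: the signature only proves the token was issued by the server, not that the session behind it is still allowed.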
